This is your work, valued

userland

CodeX

Expert
@CodeXTF2

Red teamer and offensive dev. I pop shells and play tf2.

ScreenshotBOF. An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. Screenshot downloaded in memory.

499

Burp2Malleable. Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles

418

maldev-links. My collection of malware dev links

318

WindowSpy. WindowSpy is a Cobalt Strike Beacon Object File meant for automated and targeted user surveillance.

283

WebcamBOF. Webcam capture capability for Cobalt Strike as a BOF, with in-memory download options

164

cobaltstrike-headless. Aggressorscript that turns the headless aggressor client into a (mostly) functional cobalt strike client.

146

CustomC2ChannelTemplate. template for developing custom C2 channels for Cobalt Strike using IAT hooks applied by a reflective loader.

105

OpenMalleableC2. Open Source Implementation of Cobalt Strike's Malleable C2

103

HavocNotion. A simple ExternalC2 POC for Havoc C2. Communicates over Notion using a custom python agent, handler and extc2 channel. Not operationally safe or stable, built as a PoC to showcase Havoc C2's modular C2 channel interface.

92

PyHmmm. Simple PoC Python agent to showcase Havoc C2's custom agent interface. Not operationally safe or stable. Released with accompanying blog post as a tutorial sample

86

Cobaltstrike_BOFLoader. open source port/reimplementation of the Cobalt Strike BOF Loader as is

73

bof_template. BOF template with boflink and mutator kit support

52

OpenMalleableAdaptix. Adaptix C2 extender to support Cobalt Strike Malleable C2 profiles

42

BusySleepBeacon. This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of beacon's built in Sleep() call. Most of the structure e.g. Sleep hook, shellcode exec etc. are taken from mgeeky's https://github.com/mgeeky/ShellcodeFluctuation.

36

evasion-adventures-files. Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"

31

cobaltstrike-sleepmask-yara. Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs

16

GamingMouseWebSoftwares. HTML

15

SharpAwareness. Light and more OPSEC friendly way for red teamers to gain quick situational awareness of both the host and the user.

12

CobaltStrikeSoundBoard. Python

11

beacon_notify_discordhook. Probably the easiest way to setup new beacon notifications in Cobalt Strike

10

headless_re_tools_for_llms. Python

10

qtscrcpy_keymap_editor. Python

9

yamldeck. JavaScript

6

ListModulesBOF. C

5

goautodial-rce-exploit. Pops a shell on a goautodial server

4

sliver. Adversary Emulation Framework

4

dearg-thread-ipc-stealth. A novel technique to communicate between threads using the standard ETHREAD structure

3

CodeXTF2.

3

codexs-useful-utils. Misc utils I made here and there, collected in one place

3

titanldr-ng. A newer iteration of TitanLdr with some newer hooks, and design. A generic user defined reflective DLL I built to prove a point to Mudge years ago.

3

AceLdr. Cobalt Strike UDRL for memory scanner evasion.

2

titan. Titan: A generic user defined reflective DLL for Cobalt Strike

2

domainhunter. Checks expired domains for categorization/reputation and Archive.org history to determine good candidates for phishing and C2 domain names

1

DynamicWrapperDotNet. Dynamically Loads Assembly and Calls Methods from JScript

1

AM0N-Eye. forked for safekeeping

1

CodeXTF2.github.io. codextf2.github.io

1

schoolproj-fork. HTML

1

Simulated-User. Python

1

my-bashrc. My bashrc file

1

Ekko. Sleep Obfuscation

1

postman-import-python. A python library that allows importing of Postman 2.1 JSON collections into ready to use requests objects

1

James-Server-RCE. Improved version of the james server RCE. Spawns a reverse shell that can bypass rbash ;)

1